modelcontextprotocol/servers

Pattern Findings

65 matches across 7 categories. Click a row to expand file-level details.

Hyper-Verbose Identifiers45 hits · 46 pts

Severity	File	Line	Snippet
LOW	src/everything/tools/simulate-research-query.ts	331	function getInterpretationsForTopic(
LOW	src/filesystem/path-validation.ts	11	export function isPathWithinAllowedDirectories(absolutePath: string, allowedDirectories: string[]): boolean {
LOW	src/filesystem/lib.ts	76	function resolveRelativePathAgainstAllowedDirectories(relativePath: string): string {
LOW	src/filesystem/lib.ts	374	export async function searchFilesWithValidation(
LOW	src/filesystem/index.ts	706	async function updateAllowedDirectoriesFromRoots(requestedRoots: Root[]) {
LOW	src/time/test/time_server_test.py	85	def test_get_current_time_with_invalid_timezone():
LOW	src/time/test/time_server_test.py	465	def test_get_local_tz_with_override():
LOW	src/time/test/time_server_test.py	472	def test_get_local_tz_with_invalid_override():
LOW	src/time/test/time_server_test.py	479	def test_get_local_tz_with_valid_iana_name(mock_get_localzone):
LOW	src/time/test/time_server_test.py	488	def test_get_local_tz_when_none_returned(mock_get_localzone):
LOW	src/time/test/time_server_test.py	496	def test_get_local_tz_handles_windows_timezones(mock_get_localzone):
LOW	src/time/test/time_server_test.py	523	def test_get_local_tz_various_timezones(mock_get_localzone, timezone_name):
LOW	src/fetch/tests/test_server.py	29	def test_url_with_query_params(self):
LOW	src/fetch/tests/test_server.py	84	def test_empty_content_returns_error(self):
LOW	src/fetch/tests/test_server.py	149	async def test_allows_when_robots_txt_allows_all(self):
LOW	src/fetch/tests/test_server.py	168	async def test_blocks_when_robots_txt_disallows_all(self):
LOW	src/fetch/tests/test_server.py	247	async def test_fetch_json_returns_raw(self):
LOW	src/fetch/src/mcp_server_fetch/server.py	27	def extract_content_from_html(html: str) -> str:
LOW	src/fetch/src/mcp_server_fetch/server.py	66	async def check_may_autonomously_fetch_url(url: str, user_agent: str, proxy_url: str \| None = None) -> None:
LOW	src/git/tests/test_server.py	257	def test_validate_repo_path_no_restriction():
LOW	src/git/tests/test_server.py	262	def test_validate_repo_path_exact_match(tmp_path: Path):
LOW	src/git/tests/test_server.py	269	def test_validate_repo_path_subdirectory(tmp_path: Path):
LOW	src/git/tests/test_server.py	278	def test_validate_repo_path_outside_allowed(tmp_path: Path):
LOW	src/git/tests/test_server.py	302	def test_validate_repo_path_symlink_escape(tmp_path: Path):
LOW	src/git/tests/test_server.py	318	def test_git_diff_rejects_flag_injection(test_repository):
LOW	src/git/tests/test_server.py	454	def test_git_create_branch_rejects_flag_injection(test_repository):
LOW	src/git/tests/test_server.py	463	def test_git_create_branch_rejects_base_branch_flag_injection(test_repository):
LOW	src/git/tests/test_server.py	469	def test_git_log_rejects_timestamp_flag_injection(test_repository):
LOW	src/git/tests/test_server.py	478	def test_git_branch_rejects_contains_flag_injection(test_repository):
LOW	src/git/tests/test_server.py	35	def test_git_checkout_existing_branch(test_repository):
LOW	src/git/tests/test_server.py	42	def test_git_checkout_nonexistent_branch(test_repository):
LOW	src/git/tests/test_server.py	75	def test_git_branch_not_contains(test_repository):
LOW	src/git/tests/test_server.py	99	def test_git_add_specific_files(test_repository):
LOW	src/git/tests/test_server.py	127	def test_git_diff_unstaged_empty(test_repository):
LOW	src/git/tests/test_server.py	142	def test_git_diff_staged_empty(test_repository):
LOW	src/git/tests/test_server.py	219	def test_git_create_branch_from_base(test_repository):
LOW	src/git/tests/test_server.py	245	def test_git_show_initial_commit(test_repository):
LOW	src/git/tests/test_server.py	290	def test_validate_repo_path_traversal_attempt(tmp_path: Path):
LOW	src/git/tests/test_server.py	330	def test_git_checkout_rejects_flag_injection(test_repository):
LOW	src/git/tests/test_server.py	342	def test_git_diff_allows_valid_refs(test_repository):
LOW	src/git/tests/test_server.py	368	def test_git_checkout_allows_valid_branches(test_repository):
LOW	src/git/tests/test_server.py	386	def test_git_diff_rejects_malicious_refs(test_repository):
LOW	src/git/tests/test_server.py	412	def test_git_checkout_rejects_malicious_refs(test_repository):
LOW	src/git/tests/test_server.py	432	def test_git_show_rejects_flag_injection(test_repository):
LOW	src/git/tests/test_server.py	441	def test_git_show_rejects_malicious_refs(test_repository):

Self-Referential Comments5 hits · 16 pts

Severity	File	Line	Snippet
MEDIUM	src/git/tests/test_server.py	309	# Create a symlink inside allowed that points outside
MEDIUM	src/git/tests/test_server.py	64	# Create a new branch and commit to it
MEDIUM	src/git/tests/test_server.py	78	# Create a new branch and commit to it
MEDIUM	src/git/tests/test_server.py	347	# Create a branch with a commit for diffing
MEDIUM	src/git/tests/test_server.py	373	# Create a branch to checkout

Fake / Example Data7 hits · 8 pts

Severity	File	Line	Snippet
LOW	src/memory/__tests__/knowledge-graph.test.ts	272	{ name: 'Acme Corp', entityType: 'company', observations: ['tech company'] },
LOW	src/memory/__tests__/knowledge-graph.test.ts	276	{ from: 'Alice', to: 'Acme Corp', relationType: 'works_at' },
LOW	src/memory/__tests__/knowledge-graph.test.ts	277	{ from: 'Bob', to: 'Acme Corp', relationType: 'competitor' },
LOW	src/memory/__tests__/knowledge-graph.test.ts	290	expect(result.entities[0].name).toBe('Acme Corp');
LOW	src/memory/__tests__/knowledge-graph.test.ts	318	expect(result.relations[0].to).toBe('Acme Corp');
LOW	src/everything/__tests__/tools.test.ts	635	name: 'John Doe',
LOW	src/everything/__tests__/tools.test.ts	657	expect(result.content[1].text).toContain('John Doe');

Verbosity Indicators4 hits · 8 pts

Severity	File	Line	Snippet
LOW	src/filesystem/path-validation.ts	71	// On Windows, we need to check if both paths are on the same drive
LOW	src/filesystem/__tests__/path-validation.test.ts	949	// Step 1: validatePath would pass for legitimate file
LOW	src/filesystem/__tests__/path-validation.test.ts	952	// Step 2: Race condition - replace file with symlink after validation
LOW	src/filesystem/__tests__/path-validation.test.ts	956	// Step 3: Read operation follows symlink to forbidden location

Magic Placeholder Names1 hit · 5 pts

Severity	File	Line	Snippet
HIGH	README.md	220	"GITHUB_PERSONAL_ACCESS_TOKEN": "<YOUR_TOKEN>"

Excessive Try-Catch Wrapping2 hits · 2 pts

Severity	File	Line	Snippet
LOW	src/time/src/mcp_server_time/server.py	56	except Exception as e:
LOW	src/time/src/mcp_server_time/server.py	215	except Exception as e:

Redundant / Tautological Comments1 hit · 2 pts

Severity	File	Line	Snippet
LOW	src/git/src/mcp_server_git/server.py	249	# Check if repo_path is the same as or a subdirectory of allowed_repository

Score History

Severity Breakdown

Pattern Findings